package com.demo.config;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
    @Override
    protected void configure(HttpSecurity http) throws Exception{//只对/eureka/**放行
        super.configure(http);//访问eureka控制台和/actuator是的安全控制
        http.csrf().ignoringAntMatchers("/eureka/**");//为所有/eureka/**的请求放行
    }
//    @Override
//    protected void configure(HttpSecurity http) throws Exception{//禁用csrf
//        //注意，如果直接disable的话会把安全认证也禁用掉
//        http.csrf().disable().authorizeRequests().anyRequest().authenticated().and().httpBasic();
//    }
}
